periodics-daily.yaml 4.69 KB
Newer Older
Jean-Philippe Evrard's avatar
Jean-Philippe Evrard committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
name: Daily jobs

on:
  schedule:
  - cron: "30 1 * * *"

jobs:
  periodics-mark-stale:
    name: Mark stale issues and PRs
    runs-on: ubuntu-latest
    steps:
    # Stale by default waits for 60 days before marking PR/issues as stale, and closes them after 7 days.
    # Do not expire the first issues that would allow the community to grow.
    - uses: actions/stale@v3.0.14
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        stale-issue-message: 'This issue was automatically considered stale due to lack of activity. Please update it and/or join our slack channels to promote it, before it automatically closes (in 7 days).'
        stale-pr-message: 'This PR was automatically considered stale due to lack of activity. Please refresh it and/or join our slack channels to highlight it, before it automatically closes (in 7 days).'
        stale-issue-label: 'no-issue-activity'
        stale-pr-label: 'no-pr-activity'
        exempt-issue-labels: 'good-first-issue'

  check-docs-links:
    name: Check docs for incorrect links
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    - name: Link Checker
      id: lc
      uses: peter-evans/link-checker@v1
      with:
        args: -r *.md *.yaml */*/*.go -x .cluster.local
    - name: Fail if there were link errors
      run: exit ${{ steps.lc.outputs.exit_code }}

  vuln-scan:
    name: Build image and scan it against known vulnerabilities
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
Jean-Philippe Evrard's avatar
Jean-Philippe Evrard committed
41
42
43
44
45
46
47
48
49
      - name: Find go version
        run: |
          GO_VERSION=$(awk '/^go/ {print $2};' go.mod)
          echo "::set-output name=version::${GO_VERSION}"
        id: awk_gomod
      - name: Ensure go version
        uses: actions/setup-go@v2
        with:
          go-version: "${{ steps.awk_gomod.outputs.version }}"
Jean-Philippe Evrard's avatar
Jean-Philippe Evrard committed
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
      - run: make DH_ORG="${{ github.repository_owner }}" VERSION="${{ github.sha }}" image
      - uses: Azure/container-scan@v0
        with:
          image-name: docker.io/${{ github.repository_owner }}/kured:${{ github.sha }}

  deploy-helm:
    name: Ensure a kubernetes change didn't break our code
    runs-on: ubuntu-latest
    # only build with oldest and newest supported, it should be good enough.
    strategy:
      matrix:
        kubernetes:
          - 1.17
          - 1.18
          - 1.19
    steps:
      - uses: actions/checkout@v2
Jean-Philippe Evrard's avatar
Jean-Philippe Evrard committed
67
68
69
70
71
72
73
      - name: Find go version
        run: |
          GO_VERSION=$(awk '/^go/ {print $2};' go.mod)
          echo "::set-output name=version::${GO_VERSION}"
        id: awk_gomod
      - name: Ensure go version
        uses: actions/setup-go@v2
Jean-Philippe Evrard's avatar
Jean-Philippe Evrard committed
74
        with:
Jean-Philippe Evrard's avatar
Jean-Philippe Evrard committed
75
          go-version: "${{ steps.awk_gomod.outputs.version }}"
Jean-Philippe Evrard's avatar
Jean-Philippe Evrard committed
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
      - name: Build artifacts
        run: |
          make DH_ORG="${{ github.repository_owner }}" VERSION="master" image
          make DH_ORG="${{ github.repository_owner }}" VERSION="master" helm-chart

      - name: "Workaround 'Failed to attach 1 to compat systemd cgroup /actions_job/...' on gh actions"
        run: |
          sudo bash << EOF
              cp /etc/docker/daemon.json /etc/docker/daemon.json.old
              echo '{}' > /etc/docker/daemon.json
              systemctl restart docker || journalctl --no-pager -n 500
              systemctl status docker
          EOF

      # Default name for helm/kind-action kind clusters is "chart-testing"
      - name: Create 5 node kind cluster
        uses: helm/kind-action@master
        with:
          config: .github/kind-cluster-${{ matrix.kubernetes }}.yaml

      - name: Preload previously built images onto kind cluster
        run: kind load docker-image docker.io/${{ github.repository_owner }}/kured:master --name chart-testing

      - name: Deploy kured on default namespace with its helm chart
        run: |
          # Documented in official helm doc to live on the edge
          curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
          # Refresh bins
          hash -r
          helm install kured ./charts/kured/ --set configuration.period=1m
          kubectl config set-context kind-chart-testing
          kubectl get ds --all-namespaces
          kubectl describe ds kured

      - name: Ensure kured is ready
111
        uses: nick-invision/retry@v2.4.0
Jean-Philippe Evrard's avatar
Jean-Philippe Evrard committed
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
        with:
          timeout_minutes: 10
          max_attempts: 10
          retry_wait_seconds: 60
          # DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE should all be = 5
          command: "kubectl get ds kured | grep -E 'kured.*5.*5.*5.*5.*5' "

      - name: Create reboot sentinel files
        run: |
          ./tests/kind/create-reboot-sentinels.sh

      - name: Follow reboot until success
        env:
          DEBUG: true
        run: |
          ./tests/kind/follow-coordinated-reboot.sh